Denial of Service (DoS) attacks, especially Distributed Denial of Service (DDoS) attacks, pose a serious threat to the availability of internet services. DoS attacks typically consume the resources of a remote host or network, thereby limiting and/or blocking legitimate users' access. Such attacks can result in significant loss of time and money for many organizations.
DDoS attacks are among the hardest network security problems because they are simple to implement, difficult to prevent, and very difficult to trace. In order to conceal the origins of attacks and to coax uncompromised hosts into becoming reflectors, DDoS attackers typically spoof their IP packets by randomizing the source address fields. Further, an attacker need not be operating from a single machine; he may be able to coordinate several machines on different networks to launch the attacks.
Many solutions have been proposed to prevent and/or trace DDoS attacks. However, these solutions suffer from a number of deficiencies. For example, some solutions propose new protocols or mechanisms to be implemented on all network routers, which is difficult to achieve. Some solutions rely on statistical methods and models, and therefore are likely to produce many false positives.
In view of the foregoing, it would be desirable to provide a technique for preventing and/or tracing DoS attacks which overcomes the above-described inadequacies and shortcomings.